ID

VAR-201804-0963


CVE

CVE-2018-1000163


TITLE

Floodlight Vulnerable to Cross-Site Scripting

Trust: 0.8

sources: JVNDB: JVNDB-2018-004189

DESCRIPTION

Floodlight version 1.2 and earlier contains a Cross Site Scripting (XSS) vulnerability in the web console that can result in JavaScript injection into the web page. This attack appears to be exploitable via the victim browsing the web console. Floodlight contains a cross-site scripting vulnerability. Information may be obtained and information may be altered.

Trust: 1.62

sources: NVD: CVE-2018-1000163 // JVNDB: JVNDB-2018-004189

AFFECTED PRODUCTS

vendor: projectfloodlight, model: floodlight, scope: lte, version: 1.2

Trust: 1.0

vendor: floodlight, model: floodlight, scope: lte, version: 1.2

Trust: 0.8

vendor: projectfloodlight, model: floodlight, scope: eq, version: 1.2

Trust: 0.6

sources: JVNDB: JVNDB-2018-004189 // CNNVD: CNNVD-201804-835 // NVD: CVE-2018-1000163

CVSS

SEVERITY

nvd@nist.gov: CVE-2018-1000163
value: MEDIUM

Trust: 1.0

NVD: CVE-2018-1000163
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201804-835
value: MEDIUM

Trust: 0.6

CVSSV2

nvd@nist.gov: CVE-2018-1000163
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CVSSV3

nvd@nist.gov: CVE-2018-1000163
baseSeverity: MEDIUM
baseScore: 6.1
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 2.8
impactScore: 2.7
version: 3.0

Trust: 1.8

sources: JVNDB: JVNDB-2018-004189 // CNNVD: CNNVD-201804-835 // NVD: CVE-2018-1000163

PROBLEMTYPE DATA

problemtype: CWE-79

Trust: 1.8

sources: JVNDB: JVNDB-2018-004189 // NVD: CVE-2018-1000163

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-835

TYPE

XSS

Trust: 0.6

sources: CNNVD: CNNVD-201804-835

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-004189

PATCH

title: Top Page, url: http://www.projectfloodlight.org/

Trust: 0.8

sources: JVNDB: JVNDB-2018-004189

EXTERNAL IDS

db: NVD, id: CVE-2018-1000163

Trust: 2.4

db: JVNDB, id: JVNDB-2018-004189

Trust: 0.8

db: CNNVD, id: CNNVD-201804-835

Trust: 0.6

sources: JVNDB: JVNDB-2018-004189 // CNNVD: CNNVD-201804-835 // NVD: CVE-2018-1000163

REFERENCES

url: https://xiaofen9.github.io/blog/floodlight-rce/

Trust: 2.4

url: https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2018-1000163

Trust: 0.8

url: https://nvd.nist.gov/vuln/detail/cve-2018-1000163

Trust: 0.8

sources: JVNDB: JVNDB-2018-004189 // CNNVD: CNNVD-201804-835 // NVD: CVE-2018-1000163

SOURCES

db: JVNDB, id: JVNDB-2018-004189
db: CNNVD, id: CNNVD-201804-835
db: NVD, id: CVE-2018-1000163

LAST UPDATE DATE

2024-11-23T22:06:55.847000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2018-004189, date: 2018-06-13T00:00:00
db: CNNVD, id: CNNVD-201804-835, date: 2018-05-09T00:00:00
db: NVD, id: CVE-2018-1000163, date: 2024-11-21T03:39:49.690

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2018-004189, date: 2018-06-13T00:00:00
db: CNNVD, id: CNNVD-201804-835, date: 2018-04-18T00:00:00
db: NVD, id: CVE-2018-1000163, date: 2018-04-18T19:29:00.660